Surf Control RiskFilter User Manual

SurfControl RiskFilter - E-mail
Administrator's Guide
Version 5.2.4
CONTENTS
FINDING YOUR WAY AROUND
  How RiskFilter works
    Managing your messages with RiskFilter
  Load balancing with RiskFilter
  Launching SurfControl RiskFilter
    RiskFilter System Management Console
    RiskFilter Management Console (Administrator)
  Before you start
SYSTEM SETTINGS
  The System Settings tab
    Terminology used
    What can be configured in the System Settings tab?
  General
    Configuration
    User Directories
    Secure Proxy
    Logs and Archives
    Certificate
  Receive Settings
    Connection Control
    Directory Attack Control
    Relay Control
    Recipient Validation
    Message Control
    Exception Control
    Black List
    White List
  Send Settings
    Domain-Based Delivery
    Traffic Control
    Advanced Delivery
  User Management
    Account Manager
    Personal E-mail Manager
    End-user Control
    User Authentication
  License & Updates
    Update Now
    Scheduled Update
    License Status
    Update Server
    License Server
  Help
    Admin Guide
    Contact Support
    Firstboot Wizard
    Configuration Wizard
  Key Points
POLICY MANAGER
  The Policy Manager tab
    Terminology used
    What can be configured in the Policy Manager tab?
  Creating a Policy
    Step 1 - Defining users
    Step 2 - Defining the action
    Step 3 - Defining the Rules
  Address Group
    Importing and exporting Lists
    Deleting Address groups
  Queue Manager
    Adding Queues
  Dictionary Manager
    SurfControl Dictionaries
    Custom Dictionaries
    Importing dictionaries
  Global Policy
    Creating a new Sub-policy
    Editing a sub-policy
    Adding Filters to the policy
    Defining a filter
    The Anti-Virus Agent Filter
    The Anti-Spam Agent Filters
    Internet Threat Database Filter
    Standard Disclaimer
    General Content Filter
    Advanced Content Filter
    Message Attachment Filter
    Content Guardian
    Dictionary Threshold Filter
  Key Points
REPORTS & LOGS
  The Reports and Logs tab
    Terminology used
    What can be configured in the Reports and Logs tab?
    Dashboard
  Master Report
    Querying the Master Report
  Message Report
    Querying the Message Report
  Policy Report
    Querying the Policy Report
  Virus Report
    Querying the Virus Report
  Spam Report
    Querying the Spam Report
  Connection Report
    Querying the Connection Report
  System Report
  Isolated Messages
    Managing Isolated Messages
  Virus Messages
    Managing the Virus Messages
  Spam Messages
    Managing Spam Messages
  Archived Messages
    Managing Archived Messages
  Deferred Messages
    Querying Deferred Messages
  Key Points
RISKFILTER SYSTEM MANAGEMENT CONSOLE
  Overview
    What can be configured with the System Management Console?
    Accessing the RiskFilter System Management Console
    The rfmngr account
  The Webmin Tab
    What can be configured in the Webmin tab?
    Webmin Actions Log
    Webmin Configuration
    Webmin Servers Index
  The System Tab
    What can be configured in the System tab?
    Bootup and Shutdown
    Change Passwords
    Historic System Statistics
    Multi Gateway Policy Routing
    Network Configuration
    Running Processes
    System Time
    System and Server Status
  The RiskFilter Tab
    What can be configured in the RiskFilter tab?
    RiskFilter Services Manager
    RiskFilter Backup Manager
    RiskFilter Cluster Wizard
    RiskFilter Web Access Manager
    Update RiskFilter - E-mail
  Key Points
APPENDIX
  Using the Command Line Interface
    qtool.sh
    uninstall.sh
  Internet Threat Database Categories
    Core / Liability Categories
    Productivity Categories
INDEX

Finding your way around

Chapter 1
How RiskFilter works
Load balancing with RiskFilter
Launching SurfControl RiskFilter
Before you start

HOW RISKFILTER WORKS
Figure 1-1 shows how a message is processed by RiskFilter:
Figure 1-1 The RiskFilter filtering process

MANAGING YOUR MESSAGES WITH RISKFILTER

RiskFilter gives you access to several tools with which you can manage your E-mail messages:
Table 1-1 RiskFilter Core Components
Component | What it does | Find out more
----------|--------------|--------------
Queues | Any isolated e-mails are moved to different queues (depending on the type of message) for safe keeping. You can then release, move or delete them. These directories also show the activity logs. | See Queue Manager in the Policy Manager chapter.
Filters | Filters govern whether a message should be delivered or isolated. Use the supplied filters: Anti-Virus, Anti-Spam and Internet Threat Database, or create your own custom filters to catch specific messages. | See Global Policy > Adding Filters to the Policy in the Policy Manager chapter.
Connection Control | Limit the number of simultaneous connections made on your server. Determine whether to perform real-time blacklist checking. | See Receive Settings > Connection Control in the System Settings chapter.
Dictionary Management | Dictionaries are used by the filters to detect particular kinds of content – use Dictionary Management to configure Dictionaries to suit your needs. | See Dictionary Manager in the Policy Manager chapter.
Relay Control | Stop your e-mail system from being used as an open relay by spammers. | See Receive Settings > Relay Control in the System Settings chapter.

LOAD BALANCING WITH RISKFILTER
You can deploy RiskFilter in a cluster and load-balance using MX records:
1 On the DNS server hosting your domain, create an MX record for each primary RiskFilter server using the same MX preference.
2 Give the failover server a higher number. This will give it a lower preference.
Table 1-1 shows an example of MX preference assignments for load-balancing and failover using MX records.
Table 1-1 Using MX Records for Load-Balancing
Site   | Mail Exchanger | IP Address     | MX Preference
-------|----------------|----------------|--------------
Site A | mx1.siteA.com  | 208.126.216.20 | 5
Site A | mx2.siteA.com  | 208.126.216.21 | 5
Site A | mx3.siteA.com  | 208.126.216.22 | 5
Site A | mx4.siteA.com  | 197.201.56.201 | 10
Site B | mx1.siteB.com  | 197.201.56.201 | 5
Site B | mx2.siteB.com  | 197.201.56.202 | 5
Site B | mx3.siteB.com  | 197.201.56.203 | 5
Site B | mx4.siteB.com  | 208.126.216.20 | 10
Figure 1-2 Load balancing
A lower MX preference number gives higher priority than a higher one. In Figure 1-2, e-mail is sent in the following way:
E-mail sent to siteA.com round-robins between mail exchangers 1, 2, and 3, because each RiskFilter appliance has the same MX preference of 5.
The same thing happens for e-mail sent to siteB.com. If site A is down (e.g., with a network failure), the sending mail server will route e-mail to the fourth (failover) MX record, which is the address of a server in a different physical location.
For the described failover to work properly, RiskFilter appliances at site A are configured to accept messages for site B, and RiskFilter appliances at site B are configured to accept messages for site A.
The failover servers have static routes configured so that RiskFilter knows where to route the e-mail. There are also advanced load-balancing switches that can be used for these purposes. These switches offer a variety of load-balancing algorithms, in addition to round-robin delivery, which provide efficient load distribution and timely failover. Using load-balancing switches may improve the overall efficiency of your SMTP infrastructure.
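The delivery behaviour described above can be modelled and checked before the records are published. The following is an added example, not part of the original guide: it uses the siteA.com rows of the MX table as constructed input, simulates how a sending server chooses an exchanger, and audits the layout. The /24 prefix for site A and all function names are assumptions made for the illustration.

```python
import ipaddress
import random
from collections import Counter

# Constructed from the guide's MX table for siteA.com: (preference, host, IP).
SITE_A_MX = [
    (5, "mx1.siteA.com", "208.126.216.20"),
    (5, "mx2.siteA.com", "208.126.216.21"),
    (5, "mx3.siteA.com", "208.126.216.22"),
    (10, "mx4.siteA.com", "197.201.56.201"),  # failover, located at site B
]
# Assumption: site A occupies this /24; the guide gives no prefix length.
SITE_A_NET = "208.126.216.0/24"


def delivery_order(mx_records, rng):
    """Order in which a sender tries exchangers: lowest preference number
    first, random order among records that share a preference."""
    tiers = {}
    for pref, host, ip in mx_records:
        tiers.setdefault(pref, []).append((pref, host, ip))
    ordered = []
    for pref in sorted(tiers):
        tier = list(tiers[pref])
        rng.shuffle(tier)  # equal preference: this is the round-robin effect
        ordered.extend(tier)
    return ordered


def pick_exchanger(mx_records, reachable_ips, rng):
    """First exchanger in delivery order that is reachable, else None."""
    for _pref, host, ip in delivery_order(mx_records, rng):
        if ip in reachable_ips:
            return host
    return None


def simulate(mx_records, reachable_ips, trials, seed=0):
    """Tally which exchanger receives each of `trials` messages."""
    rng = random.Random(seed)
    tally = Counter()
    for _ in range(trials):
        host = pick_exchanger(mx_records, reachable_ips, rng)
        tally[host or "undeliverable"] += 1
    return tally


def audit(mx_records, primary_site_net):
    """Check the layout the guide describes: several primaries on one
    preference, and a failover with a higher number at another site."""
    net = ipaddress.ip_network(primary_site_net)
    lowest = min(pref for pref, _host, _ip in mx_records)
    primaries = [r for r in mx_records if r[0] == lowest]
    failovers = [r for r in mx_records if r[0] > lowest]
    findings = []
    if len(primaries) < 2:
        findings.append("single primary: nothing to round-robin between")
    if not failovers:
        findings.append("no failover record with a higher preference number")
    for _pref, host, ip in failovers:
        if ipaddress.ip_address(ip) in net:
            findings.append(f"{host}: failover is on the primary site's network")
    return findings


if __name__ == "__main__":
    all_up = {ip for _pref, _host, ip in SITE_A_MX}
    site_a_down = {"197.201.56.201"}  # only the site B address still answers
    print("all sites up :", dict(simulate(SITE_A_MX, all_up, 600)))
    print("site A down  :", dict(simulate(SITE_A_MX, site_a_down, 600)))
    print("audit        :", audit(SITE_A_MX, SITE_A_NET) or "layout OK")
```

The simulation only shows which exchanger is selected; the failover appliance must still be configured to accept and route mail for the other site, as the preceding paragraphs state.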

LAUNCHING SURFCONTROL RISKFILTER
SurfControl RiskFilter consists of two interfaces:

RiskFilter System Management Console

RiskFilter Management Console (Administrator)
There is also a third interface available to users if you enable Personal E-mail Manager (PEM). This enables them to manage spam messages that have been isolated (See “Personal E-mail Manager” on page 48 for more details).
Note: All text fields within RiskFilter can accept non-Latin characters such as Japanese. However, there is a text-limit of 64 characters within these fields. Any values entered into fields such as port and refresh rates must be valid integers.
RISKFILTER SYSTEM MANAGEMENT CONSOLE
The RiskFilter System Management Console enables you to configure the RiskFilter appliance itself as well as its interaction with the surrounding network. With RiskFilter System Management Console you can:
Use IP Access Control to only allow access to those IP addresses that you trust.
Change the language in which titles, prompts, messages and so on are displayed within the RiskFilter appliance interfaces.
Make network-specific changes, such as adding RiskFilter Management Console servers and specifying which IP addresses and ports RiskFilter Management Console will bind to.
Keep records of the various actions taken by administrators on the RiskFilter Management Console server.
Check things like historic system settings and running processes.
Change passwords.
To open the RiskFilter System Management Console:
1 Open a web browser and type:
https://<hostname_or_ipaddress>:10000/
where <hostname_or_ipaddress> is the name or IP address of your RiskFilter appliance.
2 At the RiskFilter Management Console login page enter the username and password. The default username and password are:
Username = rfmngr
Password = $rfmngr$
3 Click Login.
See “RiskFilter System Management Console” on page 131 for detailed information on all of RiskFilter Management Console’s functionality and how to use the interface.

RISKFILTER MANAGEMENT CONSOLE (ADMINISTRATOR)

The SurfControl RiskFilter Management Console is where you manage the RiskFilter software. You can use this interface to:
Manage user accounts and licensing.
Schedule updates to Anti-Virus and Anti-Spam agents.
Manage servers and connection issues.
Set up policies to manage how users send and receive e-mail.
Run reports on these users and their messages.
To open the RiskFilter Management Console:
1 Open a web browser and type:
https://<hostname_or_ipaddress>/admin
where <hostname_or_ipaddress> is the name or IP address of your RiskFilter appliance.
2 At the RiskFilter Management Console login page enter the user name and password that you want to use to access the account. The default user name and password are:
User name = administrator
Password = admin
3 Click Login.
Opening the RiskFilter Management Console
As soon as the RiskFilter Management Console opens, you will see the Dashboard containing brief information about servers used, as well as a report showing general e-mail use:
Figure 1-3 The Dashboard

BEFORE YOU START
This Administrator’s guide assumes that you have completed the following steps:
1 Mounted the appliance using the supplied hardware set up guide.
2 Gathered the network information that is required for the configuration of the RiskFilter appliance.
3 Configured the RiskFilter appliance via your chosen connection, using the network information that you gathered earlier. The RiskFilter Starter guide contains details of the different connection options.
4 Updated the SurfControl OS and software using the RiskFilter Management Console.
5 Activated your RiskFilter license.
6 Updated the Anti-Virus and Anti-Spam agents.
7 Configured Relay Control and e-mail-routing.
For instructions on how to carry out these steps refer to the Starter Guide which is supplied with the RiskFilter appliance.

System Settings

Chapter 2
The System Settings tab
General
Receive Settings
Send Settings
User Management
Help
Key Points

THE SYSTEM SETTINGS TAB
This chapter explains how to use the System Settings tab to:
Configure the transport of e-mails.
Authenticate the senders and recipients of e-mails.

TERMINOLOGY USED

The following terminology is used in this chapter:
PEM – Personal E-mail Manager. Enables users to manage their own isolated messages.
User Directories – Provides RiskFilter with recipient address validation and end-user authentication.
ESMTP – Extended Simple Mail Transfer Protocol. Enhances SMTP by specifying extensions for sending e-mail to support graphics, audio and video files. It also enables SMTP to support the sending of text in various national languages.
CSR – Certificate Signing Request. Contains the public key information which matches the private key installed on RiskFilter and enables you to import a new certificate. When the CSR is exported to the same directory as the new certificate, the certificate will pick up this information so that RiskFilter can recognize it.
AVA – Anti-Virus Agent
ASA – Anti-Spam Agent

WHAT CAN BE CONFIGURED IN THE SYSTEM SETTINGS TAB?

The System Settings tab is where you configure the receiving and delivery of messages to and from the RiskFilter appliance.
Figure 2 - 1 The System Settings Tab
System Settings enables you to:
Configure user authentication and directories for storing messages and log files
Set up Personal E-mail Manager (PEM)
Set up a postmaster e-mail address
Configure sending and receiving information
Set up licensing and updates

GENERAL
The General menu contains sub-menus that enable you to set up the delivering and receiving of e-mails. This includes specifying how RiskFilter should treat connections from other administrators, and where to send alert messages and notifications.

CONFIGURATION

These settings are added in the Configuration screen.
Figure 2 - 2 The Configuration screen
Postmaster e-mail address
If a service stops, or a similar event occurs, RiskFilter can send a warning message to a predefined address. This predefined postmaster e-mail address is usually the administrator’s.
To set up the Postmaster e-mail address:
1 Select General > Configuration from the System Settings tab.
2 Enter the e-mail address of the administrator into the Administrator E-mail field. This is the address that will receive the system warning messages.
3 Enter the e-mail address of the administrator into the Default Notification Sender E-mail field. Notifications will be sent to the user from this address, informing them that the message has been isolated.
4 Click Submit.
For information on the other settings that can be entered into this screen see Table 1 on page 12.
Table 1 Other Settings
Setting – What it does
SMTP greeting message – The greeting message can indicate that the system is working correctly when you first start to set up the RiskFilter appliance using HyperTerminal. An example of where this message appears would be:
[root@smg10 conf]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 Surfcontrol RiskFilter ESMTP Service Ready
To set a new message, enter this message into the SMTP greeting message field.
Admin Console Locale – Set the language that is used within RiskFilter by choosing one of the options:
– User Language specified by Browser – RiskFilter will select the language automatically according to the browser’s language setting.
– English
– Simplified Chinese
– Japanese
Preferred MIME Charset – Select the MIME Charset which will be used to encode mail. We recommend that you select ISO 8859-1.
Admin Console Session Timeout – If the administrator connects to the RiskFilter appliance then leaves the connection idle, the connection will be dropped after a certain amount of time. To set this timeout, enter the length of time in minutes into the RiskFilter Console Session Timeout field.

USER DIRECTORIES

User Directories provide RiskFilter with recipient address validation and end-user authentication:
Address validation takes place when a message is received.
User authentication is used by end-users to log in and check their isolated messages.
To add User Directories:
1 Select General > User Directories from the System Settings tab.
2 Click Add.
3 Select your Directory Type from the list of options.
Figure 2 - 3 Defining the type of directory you want to create
4 Enter details into the screen that follows according to the type of User Directory you are adding.
5 Click Submit.
Editing User Directories
Once you have added your User Directory you can edit it at any time providing you have not configured Recipient Validation or User Authentication. If you have added either of these, the directory ID of the User Directory cannot be edited.
To edit a User Directory:
1 In the User Directories screen click the Edit button alongside the directory you want to edit:
Figure 2 - 4 Existing User Directories
2 This will show a screen containing all of the details of the User Directory that you want to edit. The following example shows a Generic LDAP User Directory:
Figure 2 - 5 Generic LDAP Server Information
3 Make changes to the User Directory by editing these details.
4 Click Submit to save the changes or click Reset to undo any changes that you have made.
Deleting a User Directory
You can delete any User Directory you have added providing you have not configured Recipient Validation or User Authentication. If you have added either of these, the User Directory cannot be deleted.
To delete a User Directory:
1 Open the User Directories screen.
Figure 2 - 6 Existing User Directories
2 Select the check box alongside the User Directory that you want to delete.
3 Click Delete.
The following sections cover the different types of user directories that you can add to RiskFilter and the information you need to add.
Microsoft Active Directory
This is the default server type. Microsoft Active Directory supports Address Group Import, User Authentication, User Aliases and Recipient Validation.
To add a Microsoft Active Directory server:
1 Click Add in the User Directories screen.
2 Make sure that the default Microsoft Active Directory option is selected.
3 Click Next. The Microsoft Active Directory Server Information screen is displayed.
Figure 2 - 7 Microsoft Active Directory Server Information
4 Enter the following information:
Directory ID – The ID of the directory. This field is limited to 64 characters.
Server Address – The address of your LDAP server.
Port – The default is 389.
Enable Secure LDAP – Select the check box if you wish to enable Secure LDAP. This will change the default port number to 636.
User Name / Password – The user name and password for this appliance.
Base DN – This is the Base DN of the LDAP server when applying the validation filter. It can contain any of the above variables.
Search Filter – The search filter is a standard LDAP query and can also use the variables listed. For example: |(mail=%email%)(user=%user%)(ou=Engineering)
Cache Setting – Select the option that corresponds to how you want to treat Address Caching:
– Cache All Addresses – All addresses will be cached.
– Enable Partial Address Caching – This is the default setting. Enter a value into the Maximum Cache Entry field to specify how many entries should be stored in the memory cache. The default is 10000.
– Disable Address Caching – No addresses will be cached.
Cache Timeout – When Cache All Addresses or Enable Partial Address Caching are enabled, addresses of all e-mails passing through RiskFilter are checked against the validation server. E-mails from valid addresses are delivered, and the addresses held in cache for a set time. If an e-mail is sent from a previously validated address within this cache timeout, the e-mail is delivered without contacting the validation server. However, if another e-mail is sent from this address after the cache timeout, the server will be contacted again to validate the address. This setting must be a valid integer. The default is 60.
IBM LDAP server
IBM LDAP supports Address Group Import, User Authentication, User Aliases and Recipient Validation. If you use a server running IBM LDAP authentication, you can add an IBM LDAP server.
To add an IBM LDAP server:
1 Click Add in the User Directories screen.
2 Select IBM LDAP Server.
3 Click Next. The IBM LDAP server screen is displayed.
4 Enter the following information:
Directory ID – The ID of the directory. This field is limited to 64 characters.
Server Address – The address of your LDAP server.
Port - The default is 389.
Enable Secure LDAP – Select the check box if you wish to enable Secure LDAP. This will change the default port number to 636.
User Name / Password – The user name and password for this appliance.
Cache Setting – Select the option that corresponds to how you want to treat Address Caching:
– Cache All Addresses – All addresses will be cached.
– Enable Partial Address Caching – This is the default setting. Enter a value into the Maximum Cache Entry field to specify how many entries should be stored in the memory cache. The default is 10000.
– Disable Address Caching – No addresses will be cached.
Cache Timeout – When Cache All Addresses or Enable Partial Address Caching are enabled, addresses of all e-mails passing through RiskFilter are checked against the validation server. E-mails from valid addresses are delivered, and the addresses held in cache for a set time. If an e-mail is sent from a previously validated address within this cache timeout, the e-mail is delivered without contacting the validation server. However, if another e-mail is sent from this address after the cache timeout, the server will be contacted again to validate the address. The default is 60.
5 Click Submit.
Generic LDAP
Generic LDAP supports Address Group Import, User Authentication, User Aliases and Recipient Validation.
To add a Generic LDAP server:
1 Click Add in the User Directories screen.
2 Select Generic LDAP.
3 Click Next. The Generic LDAP screen is displayed.
4 Enter the following information:
Directory ID – The ID of the directory. This field is limited to 64 characters.
Server Address – The address of your LDAP server.
Port – The default is 389.
Enable Secure LDAP – Select the check box if you wish to enable Secure LDAP. This will change the default port number to 636.
User Name/ Password – The user name and password for this appliance.
Base DN – This is the Base DN of the LDAP server when applying the validation filter.
Search Filter – The search filter is a standard LDAP query and can also use the variables listed. For example: |(mail=%email%)(user=%user%)(ou=Engineering)
Mail Field – The field in the LDAP query that contains the e-mail address to be imported.
Cache Setting – Select the option that corresponds to how you want to treat Address Caching:
– Cache All Addresses – All addresses will be cached.
– Enable Partial Address Caching – This is the default setting. Enter a value into the Maximum Cache Entry field to specify how many entries should be stored in the memory cache. The default is 10000.
– Disable Address Caching – No addresses will be cached.
Cache Timeout – When Cache All Addresses or Enable Partial Address Caching are enabled, addresses of all e-mails passing through RiskFilter are checked against the validation server. E-mails from valid addresses are delivered, and the addresses held in cache for a set time. If an e-mail is sent from a previously validated address within this cache timeout, the e-mail is delivered without contacting the validation server. However, if another e-mail is sent from this address after the cache timeout, the server will be contacted again to validate the address. The default is 60.
5 Click Submit.
Validation settings
The following variables can be used for validation. They can be set when you are adding your LDAP server.
Search Filter. There are three variables which can be used in the Search filter for validation:
%user% = the user name of the user to be validated
%domain% = the domain that this user belongs to
%email% = the e-mail address of this user
RiskFilter will try to validate a message by querying the LDAP server with this search filter. For example, for the address jbloggs@mycom.com the variables are set as follows:
%user%= jbloggs
%domain%= mycom.com
%email%= jbloggs@mycom.com
Base DN. Base DN is an LDAP term meaning the base Distinguished Name, which will be in the form of:
cn=users,dc=example,dc=com
Mail Field. The mail field is a list of LDAP entries containing e-mail addresses. When importing address groups, the mail field is used to find out which entries/field in the LDAP server are e-mail addresses.
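The variable substitution described above, as an added example (not SurfControl code; how RiskFilter expands the variables internally is not documented here, and all function names are hypothetical). It splits an address into %user%, %domain% and %email% and escapes each value before placing it in the Search Filter (RFC 4515) or Base DN (RFC 4514), so that metacharacters in a recipient address are matched literally instead of changing the query. The hostile addresses and the Base DN template are constructed samples.

```python
import re

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# RFC 4514: characters escaped with a backslash inside a DN attribute value
# ('=' does not strictly need it, but escaping it is permitted).
_DN_SPECIAL = set('",+;<>\\=')
# The three variables named in the guide.
_VARIABLE = re.compile(r"%(user|domain|email)%")


def split_address(address: str) -> dict:
    """Split an address into the guide's %user%, %domain% and %email% values."""
    user, at, domain = address.rpartition("@")
    if not at or not user or not domain:
        raise ValueError(f"not a user@domain address: {address!r}")
    return {"user": user, "domain": domain, "email": address}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside a search filter assertion."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape a value for use inside a distinguished name."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append(r"\00")
        elif ch in _DN_SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def _expand(template: str, address: str, escape) -> str:
    values = split_address(address)
    # One pass over the template: text inserted from the address is never
    # rescanned, so an address containing "%email%" cannot trigger a second expansion.
    return _VARIABLE.sub(lambda m: escape(values[m.group(1)]), template)


def expand_search_filter(template: str, address: str) -> str:
    return _expand(template, address, escape_filter_value)


def expand_base_dn(template: str, address: str) -> str:
    return _expand(template, address, escape_dn_value)


# Search filter exactly as given in the guide.
GUIDE_FILTER = "|(mail=%email%)(user=%user%)(ou=Engineering)"
# Hypothetical Base DN template that uses a variable (assumption, not from the guide).
SAMPLE_BASE_DN = "ou=%domain%,dc=example,dc=com"

if __name__ == "__main__":
    for addr in ("jbloggs@mycom.com",            # address used in the guide
                 "x)(mail=*@mycom.com",          # constructed: filter metacharacters
                 "jbloggs@mycom.com,ou=other"):  # constructed: DN metacharacters
        print(addr)
        print("  filter :", expand_search_filter(GUIDE_FILTER, addr))
        print("  base DN:", expand_base_dn(SAMPLE_BASE_DN, addr))
```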
ESMTP Server Information
ESMTP adds many enhancements to the SMTP protocol such as security and authentication. It supports User Authentication and Recipient Validation.
To add an ESMTP server:
1 Click Add in the User Directories screen.
2 Select ESMTP.
3 Click Next. The ESMTP Server Information screen is displayed.
4 Enter the following information:
Directory ID – The ID of the directory. This field is limited to 64 characters.
Server Address – The address of your ESMTP server.
Enable secure connection using STARTTLS – Allow validation and authentication using TLS.
Note: SurfControl recommends that STARTTLS is enabled for security reasons. Using TLS may, however, have some impact on performance, as extra CPU processing is needed to encode and decode the TLS encrypted data.
Port - The default port is 25.
E-mail Verification Method – Select the option that corresponds to how you want e-mail to be verified:
– Use the return status of the VRFY command
– Use the return status of the RCPT command
Cache Setting – Select the option that corresponds to how you want to treat Address Caching:
– Enable Partial Address Caching – This is the default setting. Enter a value into the Maximum Cache Entry field to specify how many entries should be stored in the memory cache. The default is 10000.
– Disable Address Caching – No addresses will be cached.
Cache Timeout – When Enable Partial Address Caching is enabled, addresses of all e-mails passing through RiskFilter are checked against the validation server. E-mails from valid addresses are delivered, and the addresses held in cache for a set time. If an e-mail is sent from a previously validated address within this cache timeout, the e-mail is delivered without contacting the validation server. However, if another e-mail is sent from this address after the cache timeout, the server will be contacted again to validate the address. The default is 60.
5 Click Submit.
Recipient File
You can validate a user ID with a recipient address file. Recipient File supports Address Group Import, as well as Recipient Validation. In addition, you can save user addresses as a text file (one e-mail address per line), for user recipient validation.
To add Recipient File validation:
Note: Recipient File cannot be used for PEM authentication.
1 Click Add in the User Directories screen.
2 Select Recipient File.
3 Click Next. The Recipient File screen is displayed.
4 Enter a name for the Recipient File into the Directory ID field. This field is limited to 64 characters.
5 Click Browse to navigate to your list of e-mail addresses.
Note: These must be text format, with one address per line.
6 Locate the file then click Open.
7 Click Submit.
Local Database
A user-defined list of e-mail addresses and passwords can be imported onto the RiskFilter appliance and stored in the database for authentication and validation purposes. Local Database supports Address Group import, Recipient Validation and User Authentication if a password is set.
Note: The text file that you want to import names and e-mail addresses from should be a plain text file (.txt) or an Excel file in csv format. Users’ e-mail addresses and passwords must be separated by a semi-colon (;), space, tab or comma (,).
To add a local database:
1 Click Add in the User Directories screen.
2 Select Local Database.
3 Click Next. The Local Database Information screen is displayed:
Figure 2 - 8 Local Database Information
4 Enter the following information:
Directory ID – The ID of the directory. This field is limited to 64 characters.
File Path – The path to the database. Enter the path or click Browse to navigate to it.
Note: You can create a user directory for Local Database without the database path being specified, then create and add the actual database manually, later. Just leave the File Path field blank when you are creating the user directory.
5 Select the ‘Contains Password’ check box if the file being imported contains passwords which you want to use:
– If you create a local database with a password, then this local database can be used for Recipients Validation and User Authentication.
– If you create a local database with no password, then this local database can be used for Recipients Validation.
Note: Once you have selected or cleared the ‘Contains Password’ check box, it cannot be subsequently altered. You must create a new Local Database User Directory in order to change it.
6 Set up address validation caching for the RiskFilter appliance in the General Settings section by choosing one of the following options:
– Cache All Addresses – All addresses will be cached.
– Disable Address Caching – Addresses will not be cached.
7 Click Submit.
Adding addresses to a local database. You can add specific addresses from a user list by adding them manually. This can also be used if you have created your user directory before you created your user list and now want to add this list to the user directory.
To add addresses manually:
1 Create your database and store it in a place accessible to RiskFilter.
2 In the User Directories screen select the User Directory you want to add the addresses to.
3 Click Edit. The Local Database Information screen is displayed.
Figure 2 - 9 Local Database Information
4 Click Browse and browse to the database containing the addresses that you want to add.
Alternatively, enter the path to the file in the File path field.
5 Click Addresses. The Local Database - Addresses screen is displayed.
Figure 2 - 10 Local Database - Addresses
6 Click Add.
7 The Local Database - Add/Edit Address screen is displayed.
Figure 2 - 11 Adding an address to the database
8 Enter the address that you want to add into the Address field.
9 If the database you are adding has a password then you need to enter this password into the Password field then confirm it. If the database does not have a password, you can leave these fields blank.
10 Click Submit.

SECURE PROXY

You can configure RiskFilter to act as a proxy server. In this setup, your users connect to the RiskFilter appliance rather than the mail server itself. The RiskFilter appliance collects the requested mail from the mail server and passes it back to the user. Using RiskFilter in this way provides an extra layer of security, though you will need a POP3 server, Webmail or an IMAP proxy to do this. Your e-mail system can then be accessed remotely via the RiskFilter SSL VPN gateway.
To enable a proxy server:
1 Select General > Secure Proxy from the System Settings tab.
Figure 2 - 12 The Secure Proxy Setting screen
2 In the Total Simultaneous Connections field, enter the maximum number of connections that you want to be connected at any one time. The default setting is 200.
3 Select Enable POP3 Proxy.
4 Enter the following information:
Incoming POP3 Port – The port number. The default port number is 110. Select the Require Secure Channel (SSL) option if required. It is not selected by default.
Back-end POP3 Server – The IP address or domain name of the e-mail server required to act as your back-end proxy. In the Port field, enter the right port number. The default setting is 110. Select the Require Secure Channel (SSL) option if required.
Timeout – The timeout period in seconds. The default value is 600 seconds.
5 Select Enable Webmail Proxy.
6 Enter the following information:
Incoming Webmail Port – The port number. The default port number is 80. Select the Require Secure Channel (SSL) option if required.
Back-end Webmail Server – The IP address or domain name of the e-mail server that is required to act as your back-end proxy.
Port – The port number. The default port number is 80. Select the Require Secure Channel (SSL) option if required.
Timeout – The time period for timeout in seconds. The default setting is 600 seconds.
7 Select Enable IMAP Proxy.
8 Enter the following information:
Incoming IMAP Port – The port number. The default port number is 143. Select the Require Secure Channel (SSL) option if required.
Back-end IMAP Server – The IP address or domain name of the e-mail server that is required to act as your back-end proxy.
Port – The port number. The default port number is 143. Select the Require Secure Channel (SSL) option if required.
Timeout – The time period for timeout in seconds. The default setting is 600 seconds.
9 After entering the above information, click Submit to save your settings. Click Reset to put all of the information back to its original state.

LOGS AND ARCHIVES

SurfControl RiskFilter stores messages that have been isolated. Initially these messages will be stored in the default directory. If you want RiskFilter to store messages in a different place, you must change the default directories within the Logs and Archives screen.
Figure 2 - 13 The Logs and Archives screen
Setting up the storage directories
You can set up directories to hold log files, spam messages etc. using the Directories screen.
To set up directories:
1 Select General > Directories from the System Settings tab.
2 Define how log files will be stored and how they will be treated when this happens:
Directory to store log files – If you don’t want to use the default location, enter the path to the required directory into this field.
Days to keep log files – Leave this field blank to store log files indefinitely. If you enter a number into this field, the log file will be deleted after this length of time has passed.
Zip log files older than... – Enter a number of days into the field then any log file that has been stored for this length of time will be zipped.
Caution: Zip files will be deleted along with any other log files, so you should move any zip files that you want to keep indefinitely out of this directory.
Keep maximum storage size at ... MB and remove old ones on a FIFO basis – Specify that once the storage size of isolated messages reaches a certain size then the oldest will be deleted so the newest can be stored.
3 If there are no other directories that you want to set, click Submit.
4 The Archived messages directory enables you to specify where archived messages are stored.
Archive level – Define whether or not to archive files and what type of messages to archive if archiving takes place:
– Select None for no archiving.
– Select All messages except, then select the relevant check boxes, if you want to archive but do not want to save those types of message.
Directory to store messages – Define where you want the archived messages to be stored by entering the path into the field.
Days to keep messages – Leave this field blank to store messages indefinitely. If you enter a number into this field, the log file will be deleted after this length of time has passed.
Keep maximum storage size at ... MB and remove old ones on a FIFO basis – Specify that once the storage size of isolated messages in the directory reaches a certain size then the oldest will be deleted so that the newest can be stored.
5 Once you have entered all of the details that you need, click Submit.

CERTIFICATE

For an extra layer of security, RiskFilter supports the use of TLS verification. This helps prevent devices such as non-trusted routers from allowing a third party to monitor or alter the communications between server and client. It also enables SMTP agents to authenticate each other’s identities, should this be necessary. The RiskFilter server can receive messages transferred over TLS and can also send messages via this protocol to particular domains.
For TLS to work, the domains that will use this TLS authentication must be listed in the Domain-based Delivery screen. Certificates are managed in the General > Certificate > Certificate Management screen.
Figure 2 - 14 The TLS Certificate Management screen
Notifications
When your certificate is due to expire, RiskFilter will send notifications until you import a new certificate. When you see these notifications you need to import a new certificate. They are sent in the following order:
30 days before the expiry date.
Once every week after the first notification.
Every day during the last week before expiry.